Network Security - Lecture 32
Network Security
Lecture 32
Presented by: Dr. Munam Ali Shah
Course Revision

Security Threats in Mobile Devices Environment
Lack of physical security control
  User can use the device in locations other than the organization's premises
  Even within the organization, the user may move the device between secure and non-secured locations
  This can lead to theft and tampering
  A malicious party may attempt to recover sensitive data from the device itself
  May use the device to gain access to the organization’s resources

Security Threats in Mobile Devices Environment
Use of untrusted mobile devices
Use of untrusted networks
Use of applications created by unknown parties
Interaction with other systems
  Automatically synchronizing data with other computing or cloud storage devices
Use of untrusted content such as Quick Response barcodes
Use of location services
  GPS capability on mobile devices can be used to maintain a knowledge of the physical location of the device.

Cryptography
The art of secret writing

Cryptography
Cryptography is the art and science of secrecy
Hiding one’s secrets has always been a human desire
Historically, cryptography has been associated with the military
But now it's everywhere

Cryptography
3 interrelated terms
  Cryptology
  Cryptography
  Cryptanalysis

What is cryptology?
Cryptology – science of hiding
  Cryptography, Cryptanalysis – hide meaning of a message
  Steganography, Steganalysis – hide existence of a message
Cryptography – secret writing
Cryptanalysis – analyzing (breaking) secrets
  Cryptanalysis is what the attacker does
  Decipher or Decryption is what the legitimate receiver does

Terminology
Characters
  Alice
  Bob
  Eve
  Trent
Plaintext/message
Ciphertext

Terminology
Key
  Single/secret/symmetric key
  Two/public/asymmetric key
Encryption/encipherment
  The conversion of data into ciphertext that cannot be easily understood by unauthorized people.
Decryption/decipherment
  The process of converting encrypted data back into its original form so that it can be understood.

Cryptography
[Figure labels: plaintext message, Encryption, ciphertext message, Decryption]
Encrypted(Information) cannot be read
Decrypted(Encrypted(Information)) can be

Cryptography
[Figure labels: Alice, Encrypt, Plaintext, Ciphertext, Insecure Channel, Eve (active attacker), Decrypt, Plaintext, Bob]

A simple example [figure]
More simple example [figure]
Another way to represent the concept of Cryptography [figure]

Goals of the Adversary
Get the key (ideally)
Get the message
Get part of the message/some information about the message

Cryptography
Cryptographic systems are characterized along three independent dimensions:
  The type of operations used for transforming plaintext to ciphertext.
  The number of keys used.
  The way in which the plaintext is processed.

Unconditional Security Vs Computational Security
Unconditional Security
  The cipher cannot be broken no matter how much computer power or time is available
  The only example is OTP (one-time pad)
Computational Security
  The cipher cannot be broken given limited computing resources
  The examples are DES, AES, RC4, etc.

Secret Vs Public Algorithm
Benefits of having algorithm secret
  Two levels of secrecy
Benefits of having algorithm public
  Peer review, evaluation and cryptanalysis

Cryptanalysis and Brute-Force Attack
Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme:
Cryptanalysis
  Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Brute-force attack
  The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

Caesar Cipher
If each letter is assigned a number (a=0, z=25), encryption and decryption are defined as:
  C = E(P) = (P + 3) mod 26
  P = D(C) = (C - 3) mod 26
Example:
  meet me after the toga party
  phhw ph diwhu wkh wrjd sduwb

Monoalphabetic Cipher
Instead of substituting each letter in a sequential order (shift), substitute the letters arbitrarily
Each plaintext letter maps to a unique ciphertext letter
Hence key is 26 letters long

Language Redundancy and Cryptanalysis
Have tables of single, double & triple letter frequencies for various languages
Which is the most common digram? TH
Which is the most common trigram? THE

Advanced Encryption Standard
A new standard was needed primarily because DES has a relatively small 56-bit key which was becoming vulnerable to brute force attacks. In addition, DES was designed primarily for hardware and is relatively slow when implemented in software. While Triple-DES avoids the problem of a small key size, it is very slow even in hardware; it is unsuitable for limited-resource platforms; and it may be affected by potential security issues connected with the (today comparatively small) block size of 64 bits.

AES Stages
Four stages of AES: (Permutation, Substitution)
Substitute Byte: Each byte of the block is replaced by its substitution
Shift Rows: 1-byte circular shift is performed
Mix columns: each byte of a column is mapped into a new value.
Add round key: The block is XORed with the subkey

Stream Ciphers
process the message bit by bit (as a stream)
typically have a (pseudo) random stream key
combined (XOR) with plaintext bit by bit
randomness of stream key completely destroys any statistical properties in the message
  Ci = Mi XOR StreamKeyi
Keystream is XORed with plaintext bit by bit
but must never reuse stream key
  otherwise can remove effect and recover messages

Stream Cipher Properties
some design considerations are:
  long period with no repetitions
  statistically random
  depends on large enough key
  large linear complexity
  use of highly non-linear boolean functions

Stream Cipher Illustration [figure]

RC4
a proprietary cipher owned by RSA
another Ron Rivest design, simple but effective
variable key size (1-256 bytes)
byte-oriented stream cipher
widely used (web SSL/TLS, wireless WEP)
key forms random permutation of all 8-bit values
uses that permutation to scramble input info processed a byte at a time
Remained trade secret till 1994

RC4 Working
Initialize state vector S
Permute S
Generate key stream
More details in Lecture 16 - 21 !!!

Public Key/Asymmetric Key Cryptography
Public key cryptography
Asymmetric key cryptography
2 key cryptography
Presented by Diffie & Hellman (1976)
  New directions in cryptography

Why Public-Key Cryptography?
Key distribution under symmetric encryption requires
  Two communicants already share a key
  The use of Key Distribution Center (KDC)
Whitfield Diffie & Martin Hellman reasoned
  2nd requirement neglected the essence of cryptography, i.e. the ability to maintain total secrecy over your own communication
how to verify a message comes intact from the claimed sender?

Private-Key Cryptography
traditional private/secret/single key cryptography uses one key
shared by both sender and receiver
if this key is disclosed communications are compromised
also is symmetric, parties are equal
hence does not protect sender from receiver forging a message & claiming it is sent by sender

Public-Key Cryptography
involves the use of two keys:
  a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
is asymmetric because
  those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Public-Key Characteristics
Public-Key algorithms rely on two keys where:
  it is computationally infeasible to find decryption key knowing only algorithm & encryption key
  it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
  either of the two related keys can be used for encryption, with the other used for decryption

Essential steps
Each user generates its pair of keys
Places public key in public folder
Bob encrypts the message using Alice’s public key for secure communication
Alice decrypts it using her private key

True Random number generator (TRNG)
A random number generator (RNG) is a computational or physical device designed to generate a sequence of numbers or symbols that lack any pattern, i.e. appear random. The many applications of randomness have led to the development of several different methods for generating random data.

Pseudorandom number generator (PRNG)
A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed (which may include truly random values). Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility.

Potential locations for confidentiality attacks
Insider: eavesdropping the LAN
Outsider: from server or host with dial up facility
Patch panel is vulnerable if an intruder accesses it physically (can use low power radio transmitter)
Attack through transmission medium
  Wired (coaxial, twisted pair, fibre optic)
  Wireless (microwave, satellite)

Link vs. end to end encryption
have two major placement alternatives
link encryption
  vulnerable links are equipped with encryption device
  En/decryption occurs independently on every link
  requires many devices in a large network
  User has no control over security of these devices
  Many keys must be provided
end-to-end encryption
  encryption occurs between original source and final destination
  need devices at each end with shared keys

Authentication
Message Authentication Code (MAC)
  MAC = C(K,M)
  M: Input message
  C: MAC function
  K: Shared secret key
Message + MAC are sent to the intended recipient
Recipient calculates MAC’ = C(K,M’)
If MAC = MAC’ then accept else reject

Properties of MAC
MAC function need not be reversible (in contrast to decryption function)
MAC input: arbitrary length
MAC output: fixed length (typically much smaller than message length)
MAC is many-to-one function

Hash Function
A variation of MAC
Does not need a key
  h = H(M)
h is called hash code/hash value/message digest

Requirements of Hash Function
Arbitrary length input
Fixed length output
H(x) is easy to compute
Given h, computationally hard to find x such that H(x) = h (called onewayness)
Given x, computationally hard to find y ≠ x such that H(x) = H(y) (called weak collision resistance)
Computationally hard to find a pair x,y such that H(x) = H(y) (called strong collision resistance)

Problem in message authentication
Message authentication protects the two parties from a third party; will it protect the two parties from each other?
John sends authenticated message to Mary (msg+MAC)
  Mary may forge a different message and claim that it comes from John
  John can deny sending the message to Mary later on
hence include authentication function with additional capabilities

Digital Signature Properties
must depend on the message being signed
must use information unique to sender
  to prevent both forgery and denial
must be relatively easy to produce
must be relatively easy to recognize & verify
be computationally infeasible to forge
  with new message for existing digital signature
  with fraudulent digital signature for given message
be practical to save digital signature in storage

Authentication Applications
Kerberos
X.509

Kerberos
Authentication service developed at MIT
Uses trusted key server system
Provides centralised private-key third-party authentication in a distributed network
  allows users access to services distributed through network
  without needing to trust all workstations
  rather all trust a central authentication server
two versions in use: 4 & 5

X.509 Authentication Service
defines framework for authentication services
directory may store public-key certificates
with public key of user signed by certification authority
uses public-key crypto & digital signatures
algorithms not standardised, but RSA recommended
X.509 certificates are widely used
X.509 certificate associates public key with its user

Secure Electronic Transactions (SET)
Open encryption & security specification
To protect Internet credit card transactions
Developed in 1996 by Mastercard, Visa
Not a payment system
Rather a set of security protocols & formats
  secure communications amongst parties
  Provides trust by the use of X.509v3 certificates
  Privacy by restricted info to those who need it

SET Participants
Interface b/w SET and bankcard payment network e.g. a Bank
Provides authorization to merchant that given card account is active and purchase does not exceed card limit
Must have relationship with acquirer
issue X.509v3 public-key certificates for cardholders, merchants, and payment gateways

Secure Shell (SSH)
protocol for secure network communications
designed to be simple & inexpensive
SSH1 provided secure remote logon facility
  replace TELNET & other insecure schemes
  also has more general client/server capability
SSH2 fixes a number of security flaws
documented in RFCs 4250 through 4254
SSH clients & servers are widely available
method of choice for remote login/ X tunnels

SSH Connection Protocol Exchange [figure]

The course Network Security concludes here
The End
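
The stream-cipher slides above say a stream key must never be reused. The following added example (not part of the lecture) implements the three steps listed under "RC4 Working" and shows what reuse exposes: the XOR of two ciphertexts equals the XOR of the two plaintexts, so the key cancels out. The key and messages are constructed sample values.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for `key` (1-256 bytes)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1-256 bytes")
    # Step 1: initialize state vector S to the identity permutation.
    S = list(range(256))
    # Step 2: permute S under control of the key.
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    # Step 3: generate the key stream one byte at a time.
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Ci = Mi XOR StreamKeyi; applying it twice with the same key decrypts."""
    return xor(data, rc4_keystream(key, len(data)))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts used one keystream, C1 XOR C2 = M1 XOR M2."""
    return xor(c1, c2)


# Constructed sample key and equal-length messages (not from the lecture).
KEY = b"constructed-demo-key"
M1 = b"meeting moved to 0900"
M2 = b"budget approved today"

if __name__ == "__main__":
    c1, c2 = rc4(KEY, M1), rc4(KEY, M2)
    leak = reuse_leak(c1, c2)
    print("key cancels out:", leak == xor(M1, M2))
    # Whoever knows one plaintext reads the other without the key.
    print("M2 from M1:", xor(leak, M1))
    # Mitigation: a distinct key (or key plus unique nonce) per message.
    print("distinct keys leak:", reuse_leak(c1, rc4(b"second-key", M2)) == xor(M1, M2))
```

The last line prints False: with a different key per message the two keystreams no longer cancel.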
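
The MAC slides above define MAC = C(K,M) with the recipient recomputing MAC’ = C(K,M’), and "Problem in message authentication" notes that this does not protect the two parties from each other. The following added example (not part of the lecture) runs both points, using HMAC-SHA256 as C, which is an assumption since the slides name no algorithm; the key and messages are constructed.

```python
import hashlib
import hmac


def mac(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M); C is HMAC-SHA256 here (assumed, not named in the slides)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient computes MAC' = C(K, M') and accepts only if MAC = MAC'.
    compare_digest avoids leaking the match position through timing."""
    return hmac.compare_digest(mac(key, message), tag)


# Constructed sample values: the key John and Mary share, and John's message.
SHARED_KEY = b"constructed-key-shared-by-john-and-mary"
SENT = b"pay Mary 10"
ALTERED = b"pay Mary 1000"


def scenarios() -> dict:
    tag = mac(SHARED_KEY, SENT)
    return {
        # Message arrives unchanged: accepted.
        "intact": verify(SHARED_KEY, SENT, tag),
        # A third party changes the message but cannot recompute the tag.
        "tampered_in_transit": verify(SHARED_KEY, ALTERED, tag),
        # A third party without K cannot produce a valid tag either.
        "tag_from_wrong_key": verify(SHARED_KEY, SENT, mac(b"guess", SENT)),
        # Mary holds K too, so a tag she computes herself verifies just like
        # John's: the MAC cannot show which of the two parties created it.
        "receiver_made_tag": verify(SHARED_KEY, ALTERED, mac(SHARED_KEY, ALTERED)),
        # Arbitrary-length input, fixed-length output (32 bytes for SHA-256).
        "tag_lengths": (len(mac(SHARED_KEY, b"")), len(mac(SHARED_KEY, b"x" * 10000))),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The "receiver_made_tag" case is the gap the Digital Signature Properties slide closes by requiring information unique to the sender.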